SMTP: Can't send emails anymore! Error 553

matlag · January 22, 2025, 10:05pm

What type of hardware are you using: Other(?)
What YunoHost version are you running: 12.0.11
How are you able to access your server: SSH
Are you in a special context or did you perform specific tweaking on your YunoHost instance ?: No

Describe your issue

I can no longer send emails, either from the Snappy Mail app nor from my KMail client.
This may have been the case since my migration to Yunohost 12, I can’t remember if I tested it on that very instance at the time.

From KMail:
Erreur du serveur «5.7.1 username@domain.tld: Sender address rejected: not owned by username»
From Snappy Mail:
Failed to add recipient ‘recipient@target.tld’ 553 5.7.1 username@domain.tld: Sender address rejected: not logged in

I created a new user in case this was a migration thing. Same error.

I tried the trick mentioned here in main.cf, but it didn’t help in my case (so I changed it back after confirming it didn’t help).

I still get emails from the automatic diagnosis, though diagnosis@domain.tld

I ran a configuration check.

yunohost tools regen-conf --dry-run --with-diff

postfix:
  applied:
  pending:
    /etc/postfix/main.cf:
      diff: @@ -78,7 +78,7 @@
 mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
 mailbox_command = procmail -a "$EXTENSION"
 mailbox_size_limit = 0
-recipient_delimiter = +._
+recipient_delimiter = +
 inet_interfaces = all

I do the same thing on the other instance, causing no issue.

Any help would be appreciated!

Share relevant logs or error messages

Erreur du serveur «5.7.1 username@domain.tld: Sender address rejected: not owned by username»
Failed to add recipient ‘recipient@target.tld’ 553 5.7.1 username@domain.tld: Sender address rejected: not logged in

fritz2cat · January 23, 2025, 9:13am

Bonjour,
Après avoir modifié main.cf, vous devez utiliser la commande:
postfix reload
afin de prendre en compte les modifications.
Ca pourrait expliquer que rien n’avait changé.

wbk · January 23, 2025, 12:32pm

matlag:

Erreur du serveur «5.7.1 [username@domain.tld](mailto:username@domain.tld): Sender address rejected: not owned by username»
Failed to add recipient ‘recipient@target.tld’ 553 5.7.1 [username@domain.tld](mailto:username@domain.tld): Sender address rejected: not logged in

I can’t help you out directly, but I had similar errors in this case:

My user is member of a group
The group has mail aliases
Emails sent to the group mail alias are forwarded (also) to my mailbox
Replying to those emails gave the error Sender address rejected: not owned by user

There I could solve the issue by adding groups to the allowed senders in main.cf (at smtpd_sender_login_maps=)

Seeing you got this error for new users as well, it may be something is off in LDAP. I struggle with LDAP myself, but there should be a file /etc/postfix/ldap-accounts.cf(or other location, as referred in the smtpd_sender_login_maps), that has an LDAP query returning allowed senders for Postfix.

matlag · January 23, 2025, 6:02pm

Après avoir modifié main.cf, vous devez utiliser la commande:
postfix reload

I used systemctl reload postfix and even systemctl restart postfix.
I just tried postfix reload for comprehensiveness, but nope, same issue.

I can’t help you out directly, but I had similar errors in this case:

My user is member of a group

The group has mail aliases

Emails sent to the group mail alias are forwarded (also) to my mailbox

Replying to those emails gave the error Sender address rejected: not owned by user

No user is part of any group in my case (well, except “all_users”).

/etc/postfix/ldap-accounts.cf

server_host = localhost
server_port = 389
search_base = dc=yunohost,dc=org
query_filter = (&(objectClass=mailAccount)(mail=%s)(permission=cn=mail.main,ou=permission,dc=yunohost,dc=org))
result_attribute = uid

in /etc/postfix/main.cf

smtpd_sender_login_maps = unionmap:{
   # Regular Yunohost accounts
   ldap:/etc/postfix/ldap-accounts.cf,
   # Extra maps for app system users who need to send emails
   hash:/etc/postfix/app_senders_login_maps }

matlag · January 23, 2025, 6:46pm

UPDATE!

So, it looks like I have the opposite problem to some other folks.
I tried something apparently stupid, but why not:
I copy-pasted the main email in an alias email, directly in the Yuno admin web interface, for my freshly created test user.

And it works!! ERRATUM: after saving in the web interface, the alias is not there. So I have no idea what it did…

AND: the same trick did not work for my “real” legacy user. Copy-pasted the mail in alias. Save. Alias not listed (of course…) and still can’t send emails.

Would that not point to a LDAP issue?

Additional note: I ran yunohost user info on both users, and I didn’t spot any difference. None of them has a mail-alias now…

wbk · January 23, 2025, 8:07pm

And if you add one via the CLI?

$ sudo yunohost user update mymail@domain.tld --add-mailalias newaddress@domain.tld

They used to have aliases and they disappeared?

It may be an LDAP issue, but as I said, unknown territory.

(The forum says we’re both writing a message, I hope yours is good news )

matlag · January 23, 2025, 8:09pm

Cette affaire va me rendre chèvre!
Mes vérifications sont allées un peu vite, alors voilà où j’en suis vraiment:

En commentant reject_sender_login_mismatch dans /etc/postfix/main.cf

Ça marche pour tous les utilisateurs, mais uniquement depuis SnappyMail
Ça ne marche pas depuis KMail ou K9

Sans commenter cette ligne:

Rien ne marche!

EDIT (I wrote in French /o)
Commenting out reject_sender_login_mismatch in /etc/postfix/main.cf

I can send emails for the fresh and an old user from SnappyMail
I can NOT send emails from KMail or K9

If I don’t comment out that line:

I cannot send emails from anywhere, any account

matlag · January 23, 2025, 8:41pm

I tried to “rediscover” the settings for K9 sending parameters.
I can’t spot the slightest difference, but now it works.

Still no luck with KMail, and it still says “Sender address not owned by user”.

And why ô why do we need to comment out reject_sender_login_mismatch ??

wbk · January 23, 2025, 9:12pm

It is active on my setup, without causing trouble.

Speculating: it may be related to the missing aliases. On Yunohost, our logins are of the form “user”, while our email address is “user@domain.tld”. That smells like using an alias for the primary address. Without such an alias, there is a mismatch between login and from: address.

I think you arrived at a solution that does not catch the root cause (but at least there is no stress of being unable to send email)

I don’t have an answer to this one, I hope someone else reads the thread. In case you find the cause later on, please let us know!

metyun · January 23, 2025, 9:17pm

Hi,

Stupid question : Do you use SMTP authentication in Snappymail?

matlag · January 23, 2025, 10:14pm

Can’t even get to that panel
But I assume so, that’s the settings I have for the other clients.

I fixed the issue in KMail by the way, it was a setting error on my end.

metyun · January 23, 2025, 10:27pm

https://your_domain.tld/snappymail/app/?admin

Change admin password at the first connection, it’s very important.
You see the instruction on the app page in the Webadmin. : User admin and password in /var/www/snappymail/app/data/_data_/_default_/admin_password.txt

matlag · January 24, 2025, 9:22pm

Ah, I did find back the password (that I changed…).
And Security: none. Port: 25.
I guess Postfix default settings are more lenient with localhost’s clients?

rodinux · January 24, 2025, 9:32pm

You should change this with STARTTLS and 587

matlag · January 24, 2025, 10:10pm

Done, but would that make more sense if Postfix was also actually rejecting non-secured access even from localhost?

I also changed IMAP to use SSL/TLS, though I had to change the server name from localhost to domain.tld.

system · February 23, 2025, 10:11pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.